Is it a issue to leave command polling enable while workstations are communicating to internal relays? and it set to 3600 sec (1 Hour)
We hava seat count about 25,000 workstations and out of those workstations only laptop users are targeted to have this enabled. We are using the command polling feature in order to patch via DMZ relay.
Should we setup a policy to disable command polling when those laptops communicate with a internal relay?
I would say don’t worry about it… Command polling at 1 hour won’t hurt anything because relays can easily handle the extra gather requests… Our default command polling is too high in my opinion (meaning that we wait too long to poll by default without really a good reason), but we have never gotten around to changing this…
I agree that there is no problem with going in and out of the “internal” environment with comm polling turned on… but I didn’t want that… thus I came up with the following task to turn it on when a system is talking to my DMZ relay and off when not…
<?xml version=
"1.0" encoding=
"UTF-8"?> <BES xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation=
"BES.xsd"> <Task> <Title>Enable Command Polling every 30min
for DMZ Endpoints</Title> <Description><![CDATA[BES Clients listen
for UDP commands that have been sent to them by their parent Relay or Server. Sometimes UDP commands may not make it to a Client, as when UDP has been blocked by a firewall or there is a significant amount of network traffic.<BR><BR>This task configures Clients to poll their parent Relay or Server once an hour
for UDP commands they may have missed (BigFix 6.0+).<BR><BR><B>Note</B>: The minimum value
for the polling interval is 1 minute and the maximum is 2 days.<BR><BR><B>Note:</B> Setting the polling interval to less than 20 minutes may cause performances issues and is not recommended. ]]></Description> <Relevance><![CDATA[version of client >=
"6.0"]]></Relevance> <Category>Relay Infrastructure</Category> <DownloadSize>0</DownloadSize> <Source>Moran IT</Source> <SourceID></SourceID> <SourceSeverity></SourceSeverity> <CVENames></CVENames> <SANSID></SANSID> <MIMEField> <Name>x-fixlet-first-propagation</Name> <Value>Wed, 19 Aug 2009 22:45:57 +0000</Value> </MIMEField> <MIMEField> <Name>x-fixlet-domain_attributes</Name> <Value>BES Component Client</Value> </MIMEField> <MIMEField> <Name>x-fixlet-modification-time</Name> <Value>Mon, 31 Jan 2011 16:05:59 +0000</Value> </MIMEField> <Domain>BES </Domain> <DefaultAction ID=
"Action1"> <Description> <PreLink>Click </PreLink> <Link>here</Link> <PostLink><![CDATA[ to <B>enable</B> command polling in Clients every 30min.]]></PostLink> </Description> <ActionScript MIMEType=
"application/x-Fixlet-Windows-Shell">parameter
"__OldRelay"=
"{if exist values of settings "__OldRelay
" of client then value of setting "__OldRelay
" of client else "not set
"}" parameter
"_CurRelay"=
"{(if ((it does not contain "127.0.0.1
" and it does not contain "::1
") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL
" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL
" of client as string) then (preceding text of first "/
" of (following text of first "
//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server")}"
if
{(parameter
"__OldRelay" as lowercase) != (parameter
"_CurRelay" as lowercase)
}
//save for later comparison setting
"__OldRelay"=
"{parameter "_CurRelay
"}" on
"{now}"
for client
//if we're talking to our public address.. then set a fast increase poll rate...
if
{((parameter
"_CurRelay") as lowercase contains
"[insert url here]") AND not (exists relay service)
}
//add command polling since the client is beyond our udp reach setting
"_BESClient_Comm_CommandPollEnable"=
"1" on
"{now}"
for client setting
"_BESClient_Comm_CommandPollIntervalSeconds"=
"1800" on
"{now}"
for client
else
//remove command polling since we're talking to an actual relay... setting delete
"_BESClient_Comm_CommandPollEnable" on
"{now}"
for client setting delete
"_BESClient_Comm_CommandPollIntervalSeconds" on
"{now}"
for client endif endif</ActionScript> <SuccessCriteria Option=
"RunToCompletion"></SuccessCriteria> <Settings> <PreActionShowUI>false</PreActionShowUI> <HasRunningMessage>false</HasRunningMessage> <HasTimeRange>false</HasTimeRange> <HasStartTime>false</HasStartTime> <HasEndTime>false</HasEndTime> <HasDayOfWeekConstraint>false</HasDayOfWeekConstraint> <UseUTCTime>false</UseUTCTime> <ActiveUserRequirement>NoRequirement</ActiveUserRequirement> <ActiveUserType>AllUsers</ActiveUserType> <HasWhose>false</HasWhose> <PreActionCacheDownload>false</PreActionCacheDownload> <Reapply>true</Reapply> <HasReapplyLimit>false</HasReapplyLimit> <HasReapplyInterval>true</HasReapplyInterval> <ReapplyInterval>PT30M</ReapplyInterval> <HasRetry>false</HasRetry> <HasTemporalDistribution>false</HasTemporalDistribution> <ContinueOnErrors>true</ContinueOnErrors> <PostActionBehavior Behavior=
"Nothing"></PostActionBehavior> <IsOffer>false</IsOffer> </Settings> <SettingsLocks> <ActionUITitle>false</ActionUITitle> <PreActionShowUI>false</PreActionShowUI> <PreAction> <Text>false</Text> <AskToSaveWork>false</AskToSaveWork> <ShowActionButton>false</ShowActionButton> <ShowCancelButton>false</ShowCancelButton> <DeadlineBehavior>false</DeadlineBehavior> <ShowConfirmation>false</ShowConfirmation> </PreAction> <HasRunningMessage>false</HasRunningMessage> <RunningMessage> <Text>false</Text> </RunningMessage> <TimeRange>false</TimeRange> <StartDateTimeOffset>false</StartDateTimeOffset> <EndDateTimeOffset>false</EndDateTimeOffset> <DayOfWeekConstraint>false</DayOfWeekConstraint> <ActiveUserRequirement>false</ActiveUserRequirement> <ActiveUserType>false</ActiveUserType> <Whose>false</Whose> <PreActionCacheDownload>false</PreActionCacheDownload> <Reapply>false</Reapply> <ReapplyLimit>false</ReapplyLimit> <RetryCount>false</RetryCount> <RetryWait>false</RetryWait> <TemporalDistribution>false</TemporalDistribution> <ContinueOnErrors>false</ContinueOnErrors> <PostActionBehavior> <Behavior>false</Behavior> <AllowCancel>false</AllowCancel> <Deadline>false</Deadline> <Title>false</Title> <Text>false</Text> </PostActionBehavior> <IsOffer>false</IsOffer> <AnnounceOffer>false</AnnounceOffer> <OfferCategory>false</OfferCategory> <OfferDescriptionHTML>false</OfferDescriptionHTML> </SettingsLocks> </DefaultAction> </Task> </BES>